Telegram becomes digital battlefront in Russia – Ukraine conflict 

• Check Point Research noticed a massive increase in Telegram related groups
• Anti-Russian cyber-attack groups that were recently created on Telegram are growing steadily daily, rising to over 250K users per group
• CPR researchers also discovered that cyber hacktivists are choosing Telegram to transfer messages, cyber arms, and tools, and are “pointing” attackers to relevant Russian targets

As more social media apps from the US continue to distance themselves from Russa, Telegram is becoming increasingly popular among users in both Russia and Ukraine. The end-to-end encrypted, cloud-based chat and video conferencing service is now the key source of digital information for both countries, says recent data.

According to Check Point Research (CPR), amid the Russia-Ukraine conflict, users volume has grown a hundredfold daily on Telegram discussion and media sharing groups — peaking at 200,00 users in a single group. The research house further noted that recently-created anti-Russian cyberattack groups are growing steadily at a daily rate, rising to over 250,o000 users per group. Some groups disguised as fundraising efforts for Ukraine, are suspected to be fraudulent.

Reports also show that journalists in Ukraine are using Telegram to disseminate the news and updates about the Russian invasion. Compared to other social media chat groups and channels, Telegram channels can host up to 250,000 users, a significantly higher reach than most.

Last week, Reuters reported that Telegram founder Pavel Durov said the app may consider partially or fully restricting the operation of some channels if the situation in Ukraine escalates. Durov felt that Telegram channels were increasingly becoming a source of unverified information and that he did not want the app to be used as a tool that may deepen conflicts.

Meanwhile, CPR researchers who have been closely monitoring growing activity being managed on Telegram, saw about 6x more groups surfacing around the conflict, than the day before the invasion. They noticed that cyberattack groups against Russia urge followers to attack Russian targets in different ways and tools, mainly DDoS intrusions.

CPR also discovered groups urging followers to support Ukraine by fundraising, to be of doubtful authenticity, often suspected to be fraudulent. There were also numerous “news feed” groups, airing updated and “exclusive” news reports about the conflict, bypassing mainstream news outlets.

Ultimate hacker communication tool

CPR researchers also discovered that cyber hacktivists are choosing Telegram to transfer messages, cyber arms, and tools, and are “pointing” attackers to relevant Russian targets. “Since the beginning of the war, we have seen tens of groups being created daily. Some groups boast over 250,000 users. CPR estimates that about 23% of the groups observed on Telegram attempt to unite hackers, IT professionals, and other IT “fans” to attack Russian targets in cyberspace.

These groups are used to coordinate the attack, decide on targets, and share results, even offering to help each other for the goal. DDoS attacks became very common as a cyber-weapon, with anti-Russian attackers pointing against targets they favor, and requesting group users to follow. For example, the Anna group is calling followers to attack Russian targets via DDoS, SMS, or call-based attacks,” commented CPR.

At the same time, there has been a growing phenomenon in the form of Telegram groups requesting to raise funds for Ukraine and its population. CPR investigations show that many of such requests and groups are highly suspected to be fraudulent.

“Each of these groups on Telegram consists of tens of thousands of users, and we have been spotting this growth since the fighting started, expecting this to further grow as the conflict propagate. CPR estimates that roughly 4% of the groups observed on Telegram are geared toward donations to support a side of the current conflict, many of which are suspicious,” said the researchers.

Telegram channels a source of information

CPR researchers also observed news groups appearing rapidly from the beginning of the conflict and have continued to grow since then. In such groups, the quality of news feeds is not a factor and users often leverage this to spread “news” and “facts” that are not actually verified or checked. This is a form of psychological weapon, used to demoralize and influence morals.

The Ukrainian government has also been using Telegram to post photos and videos of killed and captured Russian soldiers. However, a report in The Washington Post pointed out that this tactic could also be interpreted as a violation of the Geneva Convention. The Geneva Convention requires governments to protect prisoners of war from insults and public curiosity at all times.

In addition, CPR cited 2% of the groups titled with other conflict-related subjects. Most of them are either non-active or have almost no users in them.

On a separate note,  the co-founder of rival encrypted messenger app Signal, Moxie Marlinspike, accused Telegram of being at risk from government spying in Russia as the Kremlin could “leverage family safety” of Telegram employees to gain access. Telegram responded that the app no longer has any servers or developers based in Russia.